[wp-hackers] Admin Login Brute Force Attacks

Doug Stewart zamoose at gmail.com
Wed Mar 20 22:30:11 UTC 2013

Correct horse battery staple.

On Wed, Mar 20, 2013 at 6:21 PM, Ian Dunn <ian at iandunn.name> wrote:

> Do you mean they'll have no effect on preventing the login attempts, in
> the way that IP banning does? I'd agree with that, but I don't think that's
> the only way to have an effect.
>
> The reason I thought it was relevant was because a simple password like
> "ilovefluffy" would take a script a few hours/days to crack, while a
> WP-generated password like "'}?(x${G9oYRM.7" would take years/decades (via
> HTTP, but obviously much less if they had the db hash).
>
> I do think you make a good point about frustrating users, though, which
> can often have the unintended consequence of encouraging them to adopt
> insecure practices to make things more convenient for themselves (e.g.,
> writing the new password on a sticky note because it's too complex to
> memorize). For computer-literate users, I think encouraging them to use a
> password manager might be a good idea, but that would be too complicated
> for some beginners.
>
> On 03/20/2013 02:44 PM, Chris Williams wrote:
>
>> Stricter password rules have virtually no effect on brute force attacks,
>> they simply infuriate legitimate users.
>>
>> On 3/20/13 1:29 PM, "Ian Dunn" <ian at iandunn.name> wrote:
>>
>>> #21737 will tighten password rules.